CVE-2025-8849
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-10

Assigner: huntr.dev

Description
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-10
Generated
2026-06-16
AI Q&A
2025-10-31
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8849
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
librechat librechat 0.7.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

LibreChat version 0.7.9 has a vulnerability in its /api/memories endpoint where the 'key' and 'value' parameters accept arbitrarily large inputs without proper validation. This causes a null pointer error in the Rust backend when excessively large values are submitted, leading to a Denial of Service (DoS) attack by preventing the creation of new memories and impacting service stability.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by crashing or destabilizing the LibreChat service when large inputs are submitted to the /api/memories endpoint. As a result, users may be unable to create new memories, leading to degraded service availability and reliability.

Detection Guidance

You can detect this vulnerability by monitoring requests to the `/api/memories` endpoint for unusually large payloads or excessively long `key` or `value` parameters. For example, using command-line tools like curl or network monitoring tools, you can check for POST or PATCH requests with payload sizes exceeding 100KB or keys longer than 1000 characters and values longer than 10,000 characters. A sample curl command to test might be: `curl -X POST https://yourlibrechatinstance/api/memories -H 'Content-Type: application/json' -d '{"key":"<very_long_key>", "value":"<very_long_value>"}'` and observe if the server returns a 400 error indicating payload size or length violations. [1]

Mitigation Strategies

Immediate mitigation steps include applying the update that enforces strict payload size limits and validation on the `/api/memories` endpoint. This involves limiting JSON payloads to 100KB, restricting memory keys to a maximum of 1000 characters, and memory values to a configurable limit (default 10,000 characters). Additionally, token count checks should be enabled to reject requests exceeding token limits. If you cannot update immediately, consider implementing network-level controls to block or rate-limit requests with excessively large payloads to the `/api/memories` endpoint. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart